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- The MAILING DA TE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S. C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )K Responsive to communication(s) filed on 20 June 2005 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-5.7- 13, 15-21, 23-48 is/are pending in the application. 

4a) Of the above claim (s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-5.7- 13. 15-21. 23-48 is/are rejected. 

7) D Ciaim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .Q Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Response to Amendment 

1. This Office Action is response to the amendment filed on 6/20/2005. 

2. Applicant's amendments to claims 1 - 48 are acknowledged. Consequently, claims 6, 14, 
22 are canceled; claims 1 - 5, 7 - 13, 15 - 21, 23 - 48 are currently pending. 

Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1 - 5, 7 - 13, 15 - 21, 23 - 48 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over O* Flaherty et al (U.S. 6,275,824) in view of Sweet et al (U.S. 2002/0031230). 
♦ As per claim 1, 9, 17, 25, 30, 33, 38, 41, 46, 

O'Flaherty discloses a system for control access data in a database comprising: 

"Receiving a command to perform an administrator function involving an object defined 
within the database system" (See Fig. 2A). The command can be made by type of users in 
the privileged classes (A, B, and C) (See col. 8, lines 46 - col. 9, lines 35). "An object 
defined within the database system" corresponds to the objects defined in tables in Fig. 
2A - B in the database system. 

"Determining if the object is a sensitive object that is associated with security functions". 
O'Flaherty teaches that in order to access to the object, it must determine the sensitivity 
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level of the information (Col. 7, lines 10 - 15), and the sensitivity level of a resource is 
simply a value. (See also fig. 4A- 4B, Teijido). 

- "The sensitive object" corresponds to " a sensitive information portion 208" (col. 7, lines 
15 in Fig. 2A,) where the "sensitive information portion 208" can include "a sensitive 
row contains sensitive data" see Fig. 2A. 

" The sensitive object and only the sensitive object is encrypted in the database system" 
See col. 10, lines 49-57. 

- "If the object is a sensitive object, and if the command is received from a normal system 
administrator, disallowing the administrative function" See col. 8, lines 46-61. The 
class A applications permits administrator performs administration functions in the data, 
therefore, it must check for user privileged for accessing these data (col. 8, lines 39 - 42). 
(See also fig. 4A- 4B, Teijido). 

- "If the object is not a sensitive object, and if the command is received from an 
administrator who is not a security officer; allowing the administrative function to 
proceed" See col. 8, lines 62 - col. 9, lines 35). (See also fig. 4A- 4B, Teijido). 

O' Flaherty teaches a plurality of view of different users, including the administrator view. 
O' Flaherty does not clearly teach that the database system has a plurality of administrators, and 
at least one of the plurality of administrators is a security officer who can perform administrative 
functions on sensitive objects. 

However, Sweet, on the other hand, discloses a security system that comprises: 

- " Plurality of administrators" page 7, paragraph 0090. 
"The sensitive object" See page 6, paragraph 008 1 . 
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- " Wherein at least one of the plurality of administrators is a security officer who can 
perform administrative functions on sensitive objects" See page 7, paragraph 0090. 

- " Wherein an administrator in the plurality of administrators who is not a security officer 
cannot become a sensitive user and thereby obtain access to sensitive objects indirectly" 
See page 7, paragraph 0091. Wherein, "an administrator in the plurality of administrators 
who is not a security officer" can be a normal, administrator in domain 125, who is 
responsible for the configuration and management only. 

"If the object is not a sensitive object, and if the command is received from an 
administrator who is not a security officer; allowing the administrative function to 
proceed" page 7, paragraph 0090 - 0091, 0152. 

- "If the object is a sensitive object, and if the command is received from an administrator 
who is not a security officer, disallowing the administrative function" page 7, paragraph 
0090-0091,0165. 

Sweet does not clearly teach "Wherein an administrator in the plurality of administrators who 
is not a security officer cannot perform administrative functions on sensitive object". 
However, as discussed above, the Sweet discloses a hierarchical administrative group 
according to different levels of administrative tasks (see page 3 paragraph 0035 of Sweet), 
and O' Flaherty teaches that depending on user privileges, different views are provided (col. 
8, lines 35 - 45 of O 5 Flaherty). 
It would have been obvious to one with ordinary skill in the art at the time the invention was 
made to create different levels of administrators using the teaching of Sweet into the system of 
O' Flaherty rather than because the teaching of Sweet provides secure electronic access to the 
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system; the combination would protect the database more secure by using different administrator 
levels so that an administrator in the plurality of administrators who is not a security officer 
(using administrator group in Sweet) cannot perform administrative functions on sensitive object 
(using O'Flaherty's view). 

♦ As per claim 2, 10, 18, 26, 34, 42, O'Flaherty and Sweet disclose: 

- "A request to perform an operation" corresponds to "a command to perform an 
administrative function" See col. 8, lines 39-61. 

♦ As per claim 3 - 5, 1 1 - 13, 19 - 21, 27 - 29, 35 - 37, 43 - 45, O'Flaherty and Sweet disclose: 

O'Flaherty teaches that the data in a given row is encrypted with an encryption code, or 
by providing each data field with a unique encryption number. Clearly, the administrator must 
decrypt the data in order to access it. 

♦ As per claim 7, 15, 23, 31, 39, 47, O'Flaherty and Sweet disclose: 

"Allowing the security officer to perform the administrative function". See col. 8, lines 
39-61. 

♦ As per claim 8, 16, 24, 32, 40, 48, O'Flaherty and Sweet disclose: 

- O'Flaherty teaches about how to protect a sensitive data stored in the database. 
Therefore, the database must include a number of sensitive data items, and only specific 
sensitive users are allowed to access a given data item as shown in Fig. 2A, col. 8, lines 
39-61. 

Response to Arguments 
3. Applicant's arguments filed 6/20/2005 have been fully considered but they are not 
persuasive. 
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Applicant argues that both O'Flaherty and Sweet and Sweet teach away from the present 
invention. Applicant argues that in the O'Flaherty reference, the database administrators are 
allowed to determine security settings of sensitive information while in the invention database 
administrators are not allowed to determine security settings of sensitive information. 
First of all, the Examiner did not use the O'Flaherty reference alone to reject the invention for 
this purpose. As discussed above, Sweet does not clearly teach, "Wherein an administrator in the 
plurality of administrators who is not a security officer cannot perform administrative functions 
on sensitive object". However, the Sweet discloses a hierarchical administrative group according 
to different levels of administrative tasks (see page 3 paragraph 0035 of Sweet), in other words, 
different administrators have different tasks based on their level. O'Flaherty teaches that 
depending on user privileges, different views are provided (col. 8, lines 35 - 45 of O'Flaherty). 
In other words, only a certain administrators can view or perform administrative function on the 
sensitive information. The combination would protect the database more secure by using 
different administrator levels so that an administrator in the plurality of administrators who is not 
a security officer (using administrator group in Sweet) cannot perform administrative functions 
on sensitive object (using O'Flaherty's view). 

Conclusion 

4. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
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the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CamLinh Nguyen whose telephone number is (571) 272-4024. 
The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Safet Metjahic can be reached on (571) 272-4023. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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